Phishing Reporter Add-In
Phishing Reporter lets users report a suspicious email for analysis and start an incident investigation with Incident Responder.
To run the Phishing Reporter add-in, make sure all prerequisites of the Visual Studio 2010 Tools for Office Runtime are installed.
The main function of Phishing Reporter is to make it easy for users to report suspicious emails to their incident responder. When a user detects a suspicious email, clicking the Suspicious Email Reporter button reports it to the incident responder module for analysis. The platform then investigates the email either with its own engine or with integrated third-party services. See “How does an investigation mechanism work?”
Benefits to the security operation centre (SOC)
It gives the ability to conduct an incident investigation and response without violating the privacy of users.
It strengthens the last line of defence by transforming users into “proactive agents” that detect and report attacks.[1]
Benefits to an email user
Users report a suspicious email with a single click.
It allows a user to send a suspicious email to analysis services and get a risk score.
Users receive immediate feedback.
[1] It is a way of proactively involving users to protect the institution’s security by getting employees to report suspicious emails.
Compatibility
This Outlook add-in is compatible with the following versions of Outlook
How Does the Add-in Work?
In an Outlook installation where the add-in is installed, the add-in works as follows:
When the add-in opens:
a. Sends a heartbeat to the server
b. Gets orders from the server, if there is an investigation or action
When the add-in runs:
a. Sends a heartbeat to the server periodically [1]
b. If any order comes from the server, starts the investigation or action [2]
c. If an error occurs, logs it on the client side and then sends it to our server
When Outlook closes, the add-in closes as well.
[1] The add-in optimizes this process according to network and machine performance by itself.
[2] When conducting the investigation, the add-in optimizes this process according to the computer and the network situation.
Logging Mechanism
The platform's add-in logs all problems and reports both on the user’s computer (C:\Users\Public\KeepnetLabs\Log) and on the Keepnet server.
To resolve a problem, check the logs.
Older Logs: The add-in compresses and archives older logs bigger than 8MB in .zip format.
Installer: The add-in keeps the logs produced during installation.
Keepnet Outlook Add-in Log: The log file that holds the logs created while the add-in is running.
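One way to follow the "check the logs" advice above, as an added example that is not part of Keepnet's documentation or tooling: a PowerShell script that searches the log folder named on this page, including the .zip archives of older logs, for lines that look like errors. The keyword pattern, the parameter names and the assumption that the logs are plain text are illustrative; log file names are not given on this page, so every file in the folder is scanned.

```powershell
# Added example. $LogDir is the path stated on this page; $Pattern, $Last and the
# plain-text log format are assumptions, not taken from the product.
param(
    [string]$LogDir  = 'C:\Users\Public\KeepnetLabs\Log',
    [string]$Pattern = 'error|exception|fail',
    [int]$Last       = 50
)

Add-Type -AssemblyName System.IO.Compression.FileSystem

if (-not (Test-Path -LiteralPath $LogDir)) {
    Write-Warning "Log directory not found: $LogDir"
    return
}

$hits = New-Object System.Collections.Generic.List[object]

foreach ($file in Get-ChildItem -LiteralPath $LogDir -File -Recurse) {
    if ($file.Extension -eq '.zip') {
        # Older logs are archived as .zip: read each entry in place, no extraction.
        $zip = [System.IO.Compression.ZipFile]::OpenRead($file.FullName)
        try {
            foreach ($entry in $zip.Entries) {
                $reader = New-Object System.IO.StreamReader($entry.Open())
                try {
                    $n = 0
                    while ($null -ne ($line = $reader.ReadLine())) {
                        $n++
                        if ($line -match $Pattern) {
                            $hits.Add([pscustomobject]@{
                                Source = "$($file.Name)!$($entry.FullName)"
                                Line = $n; Text = $line })
                        }
                    }
                } finally { $reader.Dispose() }
            }
        } finally { $zip.Dispose() }
    } else {
        # Current (uncompressed) logs: installer log and add-in log.
        Select-String -LiteralPath $file.FullName -Pattern $Pattern |
            ForEach-Object {
                $hits.Add([pscustomobject]@{
                    Source = $file.Name; Line = $_.LineNumber; Text = $_.Line })
            }
    }
}

# Show the most recent matches with the file (or archive entry) they came from.
$hits | Select-Object -Last $Last | Format-Table -AutoSize -Wrap
```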
Minimum Computer Specifications
Outlook Versions: Outlook 2007/2010/2013/2016
CPU Usage: 0% to 5% of CPU
RAM Usage: ~120 MB of RAM
Disk Usage: 3MB disk space
Network Traffic: payload size + HTTP request size = approx. 230kbps
Generating Add-in
To get the most up-to-date version of the plugin, open the Incident Response > Outlook Plugin page in the Keepnet cloud interface. You can create an add-in to suit your needs using the following criteria.
Customization
When you have logged in to the Platform, the Outlook Add-in menu helps you prepare custom plugins.
Phishing Reporter Announcement Email Template
To inform your users about the Phishing Reporter Outlook add-in, you can use the following text.